Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security

Published byGodwin McGee Modified over 6 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security"— Presentation transcript:

1 Institute for Cyber Security
On the Relationship between Finite Domain ABAM and PreUCONA Asma Alshehri and Ravi Sandhu Department of Computer Science 10th International Conference on Network and System Security (NSS) September 28-30, 2016 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 World-Leading Research with Real-World Impact!
Outline Introduction ABAM model PreUCONA model Expressing PreUCONA IN ABAM Reducing ABAM to PreUCONA Right-Less ABAM with Two Parameters (RL-ABAM2) Expressing RL-ABAM2 in PreUCONA Conclusion Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

3 World-Leading Research with Real-World Impact!
Introduction ABAM: HRU + Attributes Test for and modify attribute values Set of attributes is finite PreUCONA Sub-model of UCON Test for and modify attribute values prior access Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

4 Attribute Based Access Matrix (ABAM)
Components: Subjects (S) and Objects (O) Attributes and Attribute Tuples Rights (R) and Access Matrix Attribute Predicates (P) Primitive Operations Commands Fig. 1. ABAM access matrix [14] ABAM access matrix [*] * Zhang, X., Li, Y., Nalla, D.: An attribute-based access matrix model. In: the 2005 ACM Symposium on Applied Computing, pp (2005). © Ravi Sandhu World-Leading Research with Real-World Impact!

5 Attribute Based Access Matrix (ABAM)
ABAM Commands: Parameters (entities with possibly new attribute values) Conditions A sequence of primitive operations. Command If then end Fig. 1. ABAM access matrix [14] ABAM access matrix [*] * Zhang, X., Li, Y., Nalla, D.: An attribute-based access matrix model. In: the 2005 ACM Symposium on Applied Computing, pp (2005). © Ravi Sandhu World-Leading Research with Real-World Impact!

6 World-Leading Research with Real-World Impact!
PreUCONA Three components: An object schema A set of finite usage rights A set of usage control commands Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

7 World-Leading Research with Real-World Impact!
PreUCONA PreUCONA Commands: Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

8 Expressing PreUCONA IN ABAM
Challenges: Condition Part in PreUCONA permits arbitrary computable Boolean functions Condition Part in ABAM only permits propositional logic formulas Finite domain results in: PreUCONA can be computed for all possible attribute values of s and o The results can be “compiled” into multiple ABAM commands. Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

9 Expressing PreUCONA IN ABAM
Example: Let the object schema and usage rights UR = {update}. The initial values for s and o attributes are [1,2,3] and [2,3,1] respectively for The PreUCONA update command is in the left side, and the table shows the possible ABAM commands: Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

10 Reducing ABAM to PreUCONA
Challenges of Reducing ABAM to PreUCONA PreUCONA command has the ability to grant a non-persistent right in each command ABAM command has the power of granting one or more rights to the actor, maintaining the given rights in the corresponding cell of the actor, and permitting two or more parameters (more targets) in each command. Unrestricted use of rights in ABAM will result in undecidable safety whereas PreUCONA has decidable safety Reducing ABAM to PreUCONA is not possible Right-Less ABAM with Two Parameters (RL-ABAM2) is a restricted form of ABAM that can be reduced to PreUCONA Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

11 Right-Less ABAM with Two Parameters (RL-ABAM2)
RL-ABAM2 command is limited in terms: Number of parameters The if statement section The existence of rights RL-ABAM2 command is is defined as follows: Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

12 Expressing RL-ABAM2 in PreUCONA
Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

13 Expressing RL-ABAM2 in PreUCONA
The corresponding PreUCONA components of the RL-ABAM2 schema are extended as follows: Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

14 Expressing RL-ABAM2 in PreUCONA
To apply a RL-ABAM2 command in PreUCONA commands, a sequence of steps is introduced as follows: 1- Give a lock to the first parameter of the RL-ABAM2 command 2- Decide the second parameter of the Rl-ABAM2 command Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

15 Expressing RL-ABAM2 in PreUCONA
3- Implement a sequence of PreUCONA commands (depend on the number of the operation over rights in the body of an RL-ABAM2 command) Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

16 Expressing RL-ABAM2 in PreUCONA
4- Release the lock from the first parameter (actor) of the RL-ABAM2 command. Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

17 World-Leading Research with Real-World Impact!
Conclusion The study of ABAM indicates that a safe application of access rights could be based on the following principles: 1- Do not use rights in the if part of commands 2- Some rights could be left behind by commands so their next use is more efficient 3- There is a meaningful place for access matrix rights Fig. 1. ABAM access matrix [14] © Ravi Sandhu World-Leading Research with Real-World Impact!

18 Institute for Cyber Security
Thank you!! Any Questions?? © Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Institute for Cyber Security"

Similar presentations

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.

1 Formal Model and Analysis of Usage Control Dissertation defense Student: Xinwen Zhang Director: Ravi S. Sandhu Co-director: Francesco Parisi-Presicce.
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.

1 Safety Analysis of Usage Control (UCON) Authorization Model Xinwen Zhang, Ravi Sandhu, and Francesco Parisi-Presicce George Mason University AsiaCCS.
On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University.

On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University.
Institute for Cyber Security

Institute for Cyber Security
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.

11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Rasool Jalili; 2 nd semester 1387-1388; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application.

Rasool Jalili; 2 nd semester ; Database Security, Sharif Uni. of Tech. The Jajodia & Sandhu model Jajodia & Sandhu (1991), a model for the application.
SBML2Murphi: a Translator from a Biology Markup Language to Murphy Andrea Romei Ciclo di Seminari su Model Checking Dipartimento di Informatica Università.

SBML2Murphi: a Translator from a Biology Markup Language to Murphy Andrea Romei Ciclo di Seminari su Model Checking Dipartimento di Informatica Università.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.

Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.
Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.

Extended Role Based Access Control – Based Design and Implementation for a Secure Data Warehouse Dr. Bhavani Thuraisingham Srinivasan Iyer.
INTRODUCTION TO DATABASE USING MS ACCESS 2013 PART 2 NOVEMBER 4, 2014.

INTRODUCTION TO DATABASE USING MS ACCESS 2013 PART 2 NOVEMBER 4, 2014.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Similar presentations

Ads by Google